Can KEYCTL_SESSION_TO_PARENT be dropped entirely? -- was Re: [PATCH v2 1/2] KEYS: use synchronous task work for changing parent credentials
David Howells
dhowells at redhat.com
Thu Aug 15 19:46:28 UTC 2024
Jann Horn <jannh at google.com> wrote:
> Rewrite keyctl_session_to_parent() to run task work on the parent
> synchronously, so that any errors that happen in the task work can be
> plumbed back into the syscall return value in the child.
The main thing I worry about is if there's a way to deadlock the child and the
parent against each other. vfork() for example.
> + if (task_work_cancel(parent, &ctx.work)) {
> + /*
> + * We got interrupted and the task work was canceled before it
> + * could execute.
> + * Use -ERESTARTNOINTR instead of -ERESTARTSYS for
> + * compatibility - the manpage does not list -EINTR as a
> + * possible error for keyctl().
> + */
I think returning EINTR is fine, provided that if we return EINTR, the change
didn't happen. KEYCTL_SESSION_TO_PARENT is only used by the aklog, dlog and
klog* OpenAFS programs AFAIK, and only if "-setpag" is set as a command line
option. It also won't be effective if you strace the program.
Maybe the AFS people can say whether it's even worth keeping the functionality
rather than just dropping KEYCTL_SESSION_TO_PARENT?
David
More information about the Linux-security-module-archive
mailing list